Dare Obasanjo wrote:


I still don't get it. How does using a new HTTP method
somehow prevent whatever problems you claim exist by
using POST? Also you need to do a better job of
explaining what these supposed problems are.



Let's see. It's tough to make an exhaustive list, because POST is used for all sorts of things, many of which are not idempotent (PaceServiceError is), and the list of purposes it's used for grows every day.


Cross-site scripting would be a good one.

1.) Evil person finds naive PHP script out there on the net.
2.) Evil person manipulates honest clients into POSTing to it by giving them bogus XML.
3.) PHP script bombarded with POSTs from random clients. Using a new verb makes it likely that a 405 would result.


Also, I'd like to note that the Pace doesn't say anything about a body for the request. It's just a hit counter.

Robert Sayre